Satellite Communications Hacks Are Real, and They’re Terrifying

LAS VEGAS— Where fiber and cell phones can’t reach, satellite communications (SATCOM) systems pick up the slack. At the Black Hat security conference in Las Vegas, a security researcher demonstrated that not only are SATCOM systems vulnerable to attack, the consequences could be dire.

Black Hat Bug Art

Black Hat Bug Art

At a press conference held a day before his Black Hat presentation, Ruben Santamarta, principal security consultant the security company IOActive, gave a preview of his talk on new SATCOM attacks. At Black Hat 2014, Santamarta showed some proof-of-concept attacks on SATCOM systems. Four years later, his new research proves that these attacks are not merely theoretical.

Attacking SATCOM

Santamarta said his research focused on three main sectors that use SATCOM systems: aviation, maritime, and military. He found that all of these sectors were vulnerable in different ways, and all of his attacks could be executed remotely. While he found potential security breaches in all sectors, but also uncovered specific safety risks for SATCOM use in military and maritime fields.

In the case of aviation SATCOM, Santamarta said he could attack an aircraft in flight from the ground, and could intercept and disrupt non-safety communications, including the onboard public Wi-Fi. While Santamarta stressed that his extensive work with government agencies and aviation companies found no specific safety risk for aviation SATCOM systems, his attacks could be used to compromise security. The digital devices used by the passengers and the crew of the aircraft, for example, could be attacked via the onboard Wi-Fi.

Hacked Wireless Local Area Network Router

Hacked Wireless Local Area Network Router

In the case of maritime and military SATCOM use, Santamarta discovered vulnerabilities that could actually endanger the lives and wellbeing of people relying on these systems. He could, for instance, alter the antenna position or configure the antenna to use so much power that it compromised navigational systems. The ship’s crew and passengers would be left adrift at sea without reliable navigation.

Concerning military SATCOM systems, Santamarta found he could extract the exact GPS coordinates of the antenna to reveal the location of military installations. This poses a clear security and safety risk to military personnel in the field.

Going High-Powered

In his research, Santamarta found he could control not only the position of the SATCOM antennas, but the power of the transmission as well. This meant he could potentially attack the transponders within satellites themselves. This could have drastic earthbound consequences.

Related

“It is possible to use a specific amount of power in the transmission to create a scenario where biological and electrical systems can be affected,” Santamarta explained. “This can be used to create burns if [people] are affected by the transmission of the attena.”

SATCOM hacks could also cause malfunctions in electrical systems. The principle of the antennas, said Santamarta, was very similar to a microwave oven, hence the possibility of the so-called “cyber-physical attacks” he described.

Because of the sensitive nature of his research, Santamarta and representatives from his employer IOActive stressed the cooperation between themselves, vendors, and relevant government agencies in order to ethically disclose the vulnerabilities. Santamarta said mitigations for these attacks are already in development. However, fixing these problems completelyy could be more challenging. SATCOM devices are expensive and physically attached to vehicles and buildings, making repair or replacement difficult.

Santamarta will provide more details about his attack in an upcoming Black Hat talk, but some details will have to be disclosed over the course of months in order to do so ethically. Keep reading PCMag.com for more coverage from Black Hat 2018.

Further Reading

Security Reviews

Security Best Picks

Source